Digital Signatures Get a Big Break

If you’re outside the pharmaceutical industry something happened last September that you probably didn’t hear about and may not seem like a big deal, but it is.

For the first time ever a big pharmaceutical company, in this case AstraZeneca, filed a new drug application (NDA) with the Food & Drug Administration (FDA) all electronically — including the signature pages. Big deal, you say? Maybe so, but the implications for business contracts everywhere are huge.

If the government and big pharma can work together electronically on something as important as a new drug, the door opens wide for all businesses to do the same.

“What we see as significant about it, is now that you’ve got something like AstraZeneca saying, ‘Okay, the FDA is willing to do this with us, we’re ready to go’, other companies are going to say, ‘Okay, if they can do it we can take the plunge too.’,” said Sally Hudson, research director for Identity and Access Management at IDC.

What differentiates this event from, say, EDI that banks use to exchange funds electronically, is there was no source contracts used ahead of time. Astra’s entire filing was based on a digital signature standard called SAFE, short for Signatures and Authentication for Everyone.

Right now, SAFE is designed specifically for the bio-pharma industry but the idea is no different than the federation standards being developed and deployed by OASIS or the Liberty Alliance around web services. There is also IdenTrust, a provider of digital identity authentication being used in the financial services industry.

“What SAFE has done is it’s created that same multilateral contract framework but independent of what the transactions are,” said Paul Donfried, VP of Identity and Access Solutions for Science Applications International Corp., a systems, solutions and technical services company. Donfried was also a founding member of IdenTrust.

Aside from the ease-of-use issue, there are a couple of other important aspects to this filing: security, version control and synchronization and money.

Security, of course, is a big deal in business. With SAFE security is agreed upon up front and there are rules and regulations that signatories must adhere to. Liability for, for example, is capped at $500,000 and signatories agree to arbitration not court action should problems arise.

“What it does, is it says there is one standard for the industry,” said Mollie Shields-Uehling, CEO of SAFE. “You can have lots of different (solution) providers, applications but they have to meet one technical set of specs as well as the identity assurance specs. If you think of it like Visa or MasterCard, in a lot of respects, it’s similar to that.”

Also security is enhanced because once a document is digitally signed any alteration to that document will void the signature with a big red “X”.

“In the paper world … you sign page 50, it’s pretty easy for someone to substitute a new page three and you’d never know,” said Donfried. “That’s mathematically impossibly with a digital signature.”